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^S) ' Abstract 

?— j ' Normal bases and self-dual normal bases over finite fields have been found to be very 

useful in many fast arithmetic computations. It is well-known that there exists a self-dual 
normal basis of F21 over F2 if and only if 4 f n. In this paper, we prove there exists a normal 
element a of F2" over F2 corresponding to a prescribed vector a = (ao, ai , ■ ■ ■ , a„_i) G F2 
such that m = Tr2i|2(o^^'^ ) for < « < n — 1, where n is a 2-power or odd, if and only if 
the given vector a is symmetric (a^ — a„-i for alH,l<i<n— 1), and one of the following 
is true. 

E-H . 1) n = 2" > 4, ao = 1, a„/2 = 0, J2 a* = 1; 

l<i<n/2-l,(j,2) = l 

2) n is odd, ( Yl a:" - 1) = 1- 

0<i<n-l 

Furthermore we give an algorithm to obtain normal elements corresponding to pre- 
scribed vectors in the above two cases. For a general positive integer n with 4|n, some 
necessary conditions for a vector to be the corresponding vector of a normal element of 
F2" over F2 are given. And for all n with 4ln, we prove that there exists a normal element 
of F2" over F2 such that the Hamming weight of its corresponding vector is 3, which is the 
lowest possible Hamming weight. 



Keywords: Normal basis. Self-dual, Hamming weight, Reciprocal polynomial, trace func- 
tion 
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^ ■ 1 Introduction 
O 

Suppose Fgn is the extension field of degree n over the q elements finite field Fg, where g is a 
prime power. The trace function F^n to its subfield ¥qm with m\n is defined by TTgn^gm(x) = 

J2 a;*^"" for X <E¥g^. 

0<i<n/m — 1 

JH ■ A normal basis of ¥qn over Fg is a basis of the form N — {a, a'', • • • , a'' }, where a is 

- -' called a normal element of Fgn over Fg. It is well-known that there exists a normal basis for 

every finite field extension ¥qn over ¥q. 

Let {a, a'?, • • • , a*" ^ } and {/3, • • • , ^ } are two normal bases of F^™ over Fg, if 

then {(3,(3'^,--- ,13'^'^ ^} is called the dual basis of {Q,a*,-- - ,a^" ^}. It a — (3, then the 
normal basis {a, a', • • • , a*" ^ } is called self-dual. 

It is well-known that normal bases and self-dual normal bases over finite fields are very useful 
for some fast arithmetic computations (For example efficient exponentiation, as q-th power of 
an element is only a cyclic bit-shift of its coordinate vector). They are used to design simple 
and fast multipliers of finite fields, which is one of the most time-consuming operations. Massey 
and Omura [I] patented a hardware multiplier under normal bases over F2 and modifications 
of this multiplier can be found in [31 |3J HJ [SI [3] . Normal bases have also been implemented 
efficiently in software, see, for example, [71[Hl[n]- Generally, it is known that normal bases and 
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self-dual normal bases have wide applications such as in coding theory, cryptography, signal 
processing, etc. 

Constructions of normal bases and self-dual bases have been extensively studied in the past 
two decades. A non exhaustive list of references is [lOl [11] [T2j [131 [M] . The latest results can be 
found for instance in [T3] and [Tl], where explicit constructions of self-dual (integral) normal 
bases in abelian extensions of finite and local fields were given. 

The followings are standard results about normal bases. 

Theorem 1.1 (The normal basis theorem) For any prime power q and positive integer n, there 
is a normal basis in F^n over ¥q . 

Theorem 1.2 fT5] There is a self-dual normal basis ofWq^ over ¥q if and only if one of the 
following is true. 

1) q and n are odd; 

2) q is even and n ^ (mod 4). 

A vector (oq, Oi, • • • , a„_i) in is called to be symmetric if = a„_i for alH = 1, . . . , n — 
1, and a polynomial f{x) = oq + aix + a2X^ -I- • • • -I- an~ix^~^ in Fg[a;]/(x" — 1) is symmetric 
if ai = a„_i for all i, 1 < i < n — 1. 

For a G Fgn, let Oi — "Tiqn\q{a • a* ), < i < n — 1. Throughout the paper, the vector 
a — (ao, fli, • • • , fln-i) G IFg is called the corresponding vector of a, and the vector a can 
be viewed as the trace self-orthogonal relation of a. It is obvious that a and f{x) = 
OiX^ are both symmetric. 

0<i<n-l 

Our interests in normal bases with good trace self-orthogonal relations stem both from 
mathematical theory and practical applications, here we mean by good that the corresponding 
vector of a normal element has the lowest possible Hamming weight. For example, by using nor- 
mal bases with good trace self-orthogonal relations, one can build a more simpler corresponding 
relation between trace functions on finite field and boolean functions on F2 . When a normal 
basis is used, the function f{x) — Tr2n\2{x'^) G F2n[x], 1 < d < 2" — 1, can be transformed to 
the so-called rotation symmetric boolean function over Fj, where rotation symmetric boolean 
functions have been found to have important applications in the design of cryptographic algo- 
rithms |16| . Let a 6 F2n be a normal element, then x — xoa + xio^ -!-••• + x„_ia^ for all 
X G ¥2^, where {xq, ■ ■ ■ ,Xn~i) G Fj. In the case that d = 2' + 1(0 < i < n), 

Tr2.|2(a;i+2') 

= Tr2"|2((a;oa + a^iQ!^ + • • • + a;„-iQ!^" )(a;o"^' + + ■ ■ ■ + Xn^ia'^' )) 

= Tr2'^\2iaa^' ' + aa^' '){xoXj + xiXj+i ~\ a;„_ia;j_i) 

l<]<\n/2] 

+Tr2^^\2iaa'^'){xo H hx„_i) 

— fa {-^0 1 ' ' ■ ; *^n — 1 ) • 

Thus if the corresponding vector of a has fewer Is, the rotation symmetric function fa{xo, • • • , a;„_i) 
has fewer cycles. 

At the practical aspect, by using normal bases with good trace self-orthogonal relations, 
one can achieve high computation efficiency in the implementations of finite field arithmetic in 
some cryptography systems or communication systems. For example a self-dual normal basis 
multiplier was presented by Wang [5] with very low complexity. Whenever ¥2^ doesn't has a self- 
dual normal basis over F2, we can similarly design multiplier by using normal basis with good 
trace self-orthogonal relations to reduce the number of trace Tr2n\2{oi^~^'^ ^^') computations. 

While by Theorem II. 2 [ there doesn't exist self-dual normal basis of F2>i over F2 when 4|n. 
Therefore for any n with 4|n, one can ask the following questions naturally. 

(1) What the trace self-orthogonal relation of a normal basis of F2n over F2 should be? 

(2) What is the lowest possible Hamming weight of the vector corresponding to a normal 
basis? Or generally what does a valid vector in Fg corresponding to a normal element look 
like? 
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(3) For a given valid vector in Fj, can one construct a normal element of ¥2^ over F2 
corresponding to such a given vector? 

To our knowledge, there have not been such researches. In the present paper, we focus 
our attention on the above questions. Characterizations of special differential factorizations of 
some polynomials will be given, by which we obtain the necessary and sufficient conditions for 
a vector corresponding to a normal element of ¥2^ over F2 where n is a 2-power or an odd 
number. Also we present an algorithm to find normal elements corresponding to a prescribed 
vector, and show that there exists a normal element of F2" over F2 for every n with 4|n such 
that the Hamming weight of its corresponding vector is 3, which is the lowest possible Hamming 
weight. 

For our method to work, we define the generalized reciprocal polynomial of a polynomial in 
F2™[z]/(z" — 1) as following. 

Definition 1.3 Let g{z) = ^ biZ^ S F2m ~ 1); reciprocal polynomial of g{z) is 

0<j<n-l 

defined as 

g*{z)= (modz"-l). 

0<i<n-l 

This paper is organized as follows. In Section 2, some facts about normal bases are in- 
troduced, and a few Lemmas which will be used are listed. In Section 3, we characterize the 
necessary and sufficient conditions for h{z) = g{z)g*{z) (mod (2,2:" — 1)) for n = 2", and the 
necessary and sufficient conditions for a vector to be a corresponding vector of a normal ele- 
ment of F22S over F2. In Section 4, we characterize the necessary and sufficient condition for 
h{z) = g{z)g*{z) (mod (2,z" — 1)) in the odd case n, and present a necessary and sufficient 
condition for a vector to be a corresponding vector of a normal element of F2" over F2 where 
n is odd. Furthermore we give an algorithm to find such normal elements with a prescribed 
corresponding vector when n = 2" or n is odd. Some necessary conditions for a vector to be the 
corresponding vector of a normal element of F2>i over F2 where 4|n are obtained in Section 5. 
We give the combination method to construct a normal element with good trace self-orthogonal 
relation. Especially we can find a normal element of F21 over F2 such that the Hamming weight 
of its corresponding vector is 3 for every n with 4|n. 

2 Preliminaries 

We make the convention that all polynomials and all arithmetic about polynomials are assumed 
to be in the ring Fq[a;]/(a;" — 1) in this paper, where g is a 2-power. For simplicity, sometimes 
we use (f(x),g{x)) to represent the greatest common divisor of f{x) and g{x). This section 
contains some Lemmas about polynomials in Fg[a;]/(a;" — 1). 

Theorem 2.1 Jj7| / Let a € ¥2^^ and Ui = Trqre|^(aQ;'^ )(0 < i < n ~ 1). Then a is a normal 
element 0/ F^n over Fg if and only if the polynomial N{x) = ^ aix' G ¥q[x] is relatively 

0<j<n-l 

prime to — 1. 

Theorem 2.2 J 18^ Let a be a normal element 0/ F^n over ¥q. f3 — ^ Cia"^ is also a 

0<i<n-l 

normal element if and only if the polynomial N{x) = ^ CiX^ € ¥q[x] is relatively prime to 

0<i<n~l 

- 1. 

For symmetric polynomials in Fq[a;]/(a;" — 1), we have the following Lemma 2.3. 
Lemma 2.3 Suppose f{x) = ^ a^x* G ¥q[x\ with — \ is symmetric and is relatively 

0<i<ri-l 

prime to — 1. Let f^^{x) — ^ bix' G ¥q[x] be the unique polynomial such that f{x) ■ 

0<i<n-l 

f~^{x) = 1 (mod a;" — 1). Then f^^{x) is symmetric, relatively prime to x" — 1, and its 
constant term is 1. 
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Proof. Since f{x) ■ f ^(x) = 1 (mod a;" — 1), there exists a polynomial g{x) G Fg[a;] such that 
It is easy to see that {f~^{x),x" — 1) = 1 and the condition that f{x) = ^ a^a;' is 

0<i<Tt-l 

symmetric is equivalent to f{x) = f*{x). 
From equation ([!]) we have 

rix)r'*{x)^l (modx"-l). (2) 

Thus by equations ([T]) and ([2|) we get 

fix){f-Hx)-r'*ix))^0 (modx"-l). (3) 

Since (/(a;),a;" — 1) = 1, from ([3]) we deduce that f^^{x) = f^^*{x), which proves that 
f~^{x) is symmetric. 

Considering the constant terms of equation ([1]) , we obtain 

0<i,j<n — l,i+j—n 

Since f{x),f~^{x) are symmetric, aibj — an-ibn-j for all < < n — 1. Thus for odd 
n, J2 "-ibj = S ai6j + a-n-ibn-j = 0. So 

0<i,j<n-l,i+j=n 0<i<n/2,0<j<n-l,i+j=n Q<i<n/2,()<j<n-l,i+j=n 

from (jH) aobo = 1, which proves that the constant term bo of f~^{x) is 1. 

For even n, we show that a„/2 = ^n/2 = firstly. Otherwise suppose a„/2 = Ij then 
the symmetric polynomial f{x) = 1 + a;"/^ + ^ ai(x* + a;"^*) have a divisor x — I, 

a<i<n/2 

contradictory to the assumption that — 1) = 1. Similarly b„/2 = 1 is impossible. 

Therefore "i^j = J2 atbj+ J2 an-j6n-j + 

n<i,j<n-l,i+j=n 0<i<7i/2,0<j<n-l,i+j=7i ()<i<n/2,0<j<n-l,i+j=n 

a„/2^n/2 ~ 0. So from equation (U) we have ao&o — 1 and it follows again that bo — 1, which 
completes the proof. ■ 

Also we give the following obvious lemma without providing the proof. 

Lemma 2.4 Let fa{x) = J2 o.,x' G FJa;]/(x"-l) and fb{x) = J2 ^ix' £ FJa;]/(a;"- 

0<i<Ji-l 0<i<ri-l 

1) be symmetric polynomials. Then fc{x) = fa{x)fb{x) — ^ Qx' G Fq[a;]/(a;" — 1) is also 

0<i<n-l 

symmetric. 

Theorem 2.5 Let j3 G Fgn and a = ^ Cif^"^ , Ci £ ¥q with corresponding vectors a = 

0<i<n-l 

(ao,ai,--- ,a„_i) and b ^ {bo,bi,--- ,6„_i) respectively. Then fa{x) = /b(^) = 

0<i<ri-l 

J2 hx\ and fc{x) = J2 c^a;* satisfy 

0<i<n-l 0<i<n-l 

fa{x) EE /f,(a:)/,(a;)/:(x)(mod a:" - 1). 
Proof. Let the circulant matrix over F^ 

/ Co Ci C2 . . . c„_i \ 
C„-l Co Ci ... C„_2 
Cn-2 C„-_i Co ... C„_3 



C [co,Ci,C2, . . . ,C„_i] 



V Ci C2 C3 . . . Co / 
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and denote by the transpose matrix of C. Since a — ^ CiP'' , Ci £ Fg, we have 

0<i<n-l 



/ a \ 




( ^ \ 










= C 




V ) 







(5) 



Multiplying ([S]) by its transpose [c 



, . . . , 



x?" = (^/3,/39,...,/39" C^, we obtain 



(6) 



) 



Taking the trace function Tr^ni^ on every elements of matrices in both sides of (jG]), we have 

[ao,ai,a2, . . . ,a„_i] = C[&o, ^i, 62, • • • , &ri-i]C'^- 
Denote J„ to be the following circulant matrix over Fg, 



(7) 



J„ = [0,1,0,...,0] = 



/ 1 
1 





V 1 



Then for a circulant matrix A over Fg, we have 

A = [ao, ■ • ■ , a„_i] = ao J° + ai J„ + a2 J,^ + 



\ 





1 

/ 



+ a„_i J" ^. 



Let fa{x) = X] Oi^:*, /fc(a::) = ^i^' /c(2;) = "^i^;*. Then ([7]) can be 

0<i<n-l 0<i<n-l 0<i<n-l 

rewritten as 

fa{Jn) = MJn)fc{Jn)f:{Jn). 



Since the minimal polynomial of J„ is a;" — 1 = 0, by the above equation we can deduce 



that 



faix) = Mx)f,{x)f:{x){mod a;" - 1). 



3 The Case n = 2' > 4 

Suppose q = 2 in this section. For the following two sets we let n — 2* > 16, 

G" = {(z3,-- - ,^n/2-i)eF^/'-^}, 



and 



H 



" = {(y3,---,y„/2-i)eF^/^-^} 



Lemma 3.1 For (23, • 



i/2- 



.1) e G" and n = 2'' for s> 4, let 



V3 = hsizs, ■ 
Vb = ^15(2:3, • 

y.y h.y{z3, 



• J Zn/2-1) — Zj + Zj-i, 

• , ^n/2-1) = 2^3 + ^(ri-4)/2, J 

• , 2n/2-l) = + Z4 + Z(„_6)/2: / = 5 
■ ■ I 2n/2-l) 



4 < J < n/2 — 2 and j even; 
'-3; 



= Zji + + 2;(n-i-j')/2 + •20"'-i)/2: 7 < j < n/2 — 1 and j' odd. 
Then (h^, h^, • • • , hn/2-1) defines a one-to-one map from G" to H" when n = 2^* for s > 4. 
Proof. For (23, • • • , Zn/2-1) G G" and n = 2"* for s > 4, let 

hsizs,--- ,Zn/2~l) =0, 



(8) 



, hn/2-liz3,- ■ ■ ,Zn/2-l) = 0. 



It suffices to prove the above boolean system (|5]) has only zero solution (0, 0, • • • ,0) £ F^^^ ^. 

Firstly, for odd j = 4fc + 1 where 9 < j < n/2 — 1, and j — 1, (j — l)/2, (n — j + l)/2 are 
even. Thus by ©, 

hj-i = Zj_2 + ^i-i = 0, 



Hi-i)/2 



Z0-l)/2 + 2:(i-3)/2 - 0, 



(9) 



Hence 



i(n-j + l)/2 — 2(n-j+l)/2 + 2(n-j-l)/2 — 0- 



hj-2+ hj 

= (Zj_2 + + 2j-3 + 2j) + izU-l)/2 + Z(n-j-i)/2 + 2(j-3)/2 + Z(n-3 + l)/2) 

= (hj^i + Zj^3 + Zj) + (/l(j-l)/2 + /l(ri-i+l)/2) 
= Zj-3+Zj. 



(10) 



So Zj_3 = for j = 4fc + 1 > 9. 

By /i3 = /i5 = , /i4 = ^3 + Z4 = and /i(„_4)/2 = 2^(«-4)/2 + 2:(«-6)/2 = 0, we have 

^3 + ^5 = Z3 + Z(«-4)/2 + Z5 + Z4+ Z(„_e)/2 = /l4 + /l(„-4)/2 + Z5 = 0. So Z5 = 0. 

By hn/2-1 = Zn/4 + 2„/4-i + 2„/2-i + 2:„/2_2 = and hn/4 = Zn/4 + z„/4_i = 0. wc havc 

Zn/2-1 — Zn/2-2- 

So 

' Z5 =0, 

h2j = Z2j-i + Z2j = 0, for all 4 < 2j < n/2 — 1 

Zj_3 = Zj. for all 9 < j = Ak + 1 < n/2 - 1 

Thus zq = since Z5 = and he = z^ + zq =0. By zg = we have zg = zg = since 
Zj_3 = Zj for all 9 < j = Ak -\- 1 < n/2 — I. Thus zio = since zg = and hio = zio + zg = 0, 
and so on. By this procedure we deduce that 



Zi = Zi_i =0, i = 2 (mod 4), 3 < i < n/2 — 1, 
Zn/2-1 = 0. 



(11) 



Now let j = 4fc + 1 and k = 1 (mod 2). Then j - 1 = 4 (mod 8), and j = I (mod 4), 



(j-l)/2 = 2 (mod 4), (n-j-l)/2 = 1 (mod 4). Thus for j > 5, 



Zij-l)/2 - Z(„_j_i)/2 



= 



by ([TT|) . and /ij = Zj + Zj_i + Z(j_i)/2 + '^{n-j-\)l2 = Oi which gives Zj_i = Z4fe = for A: > 1. 
In the case of j = 5, Z5 = Z(„_5_i')/2 = by (fTT|) . and /15 = Z5 + Z4 + Z(„_5_i)/2 = 0, so similarly 
Z4 — 0. Generally by /i4fe = Z4fe + Z4fe_i = 0, we have 



= Zi_i =0, i = 4 (mod 8), 3 < i < n/2 - 1. 



(12) 



Assume j = 4fc + 1 and k — 2 (mod 4). Similarly by considering hj = Zj + Zj_i + Z(j_i)/2 
Z(n-3-i}/2 = = 0, we can get 



0, 



8 (mod 16), 3 < i < n/2 - 1. 



(13) 
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Generally when j = 4fe + 1 and fc = 2* (mod 2*+^), where 2* < n/16, i.e. < t < s — 4, we 
have 

= =0, i = 2*+2 (mod 2*+3), 3 < i < n/2 - 1. (14) 



By ((n|),(IT2]),(IT3l),(IT4l) and 

s-2 

{Z3,Z4, ■ • • ,Zn/2~2} = U 
t=l 

wc know that the only solution of the boolean system (jS]) is 



*=1 3<'i=2'(mod 2'+i)<n/2-l, 



{Z3, 24, ■ • • , Z„/2-2, ^n/2-l} = (0, 0, ■ • • , 0) G 



r»/2-3 



Theorem 3.2 Let h(z) = a^^' ^ F2[z]/(z" - = 2" /or s > 2, and aq = 1. Then 

0<i<n-l 

/i(z) — g{z) ■ g{z)* for some g{z) = J2 ^i^^ ^ ]F2[2;]/(2;" — 1) if and only if h{z) G H , where 



0<j<n-l 



H={h{z)= a.^' eF2[z]/(z"-l) 

0<i<n-l 



E = 0, 

0<i<n/2-l,('i,2) = l 

ao = l,a«/2 = Ot 

Oi — On-i for all 1 < z < n/2 — 1. 



(15) 



Furthermore, every h(z) G H has a unique factorization h{z) — g{z) ■ g*{z) for some g{z) G 
G, where 



G={g{z)= J2 M^eF2[2]/(z"-l) 



0<i<n-l 



bo = l,6„_i = 0, 
h = K-3 = 0, 
hi = hn-i-i for all i = 1,3,4, ■■■ , n/2 - 1. 



(16) 



Proof. Firstly it is easy to deduce that the condition that h{z) = g{z)g*{z) for some 
g{z) G F2[2;]/(z" — 1) is equivalent to the following equation system having a solution: 

ho{z(i,- ■ ■ ,Zn-i) = H hz„_i=ao = l, 

/ll(zo, • • • ,Zn-l) ^ ZoZi + ZiZ2 + Z2Zz H h Zn-lZQ = a„_i, 



+ ZoZn/2 + ZiZn/2+l + ■ 



■ + Z„/2-lZ„-l (17) 
+ ^n/2-l2ri-l — an/2, 



, hn-l{zii,--- ,Zn-l) = ZQZn^i + ZiZo + Z2Z1 -\ h 2:„_ i Z„_2 = ■ 

In the above equation system, it is obvious that for 1 < j < n/2 — 1, 

hj{zQ, ■ ■ ■ , Zn~l) = On-j 

= ZQZj + ZiZi+j + Z2Z2+J H h Z„_lZj_l 

— ZQZ-fi—j Z\Z'[i—j^\ 4" ■ ■ ■ ^^ ^n— l^n— J — 1 
= Oj — hn~j{zo, ■ • • , Z„_l). 

And for i — n/2, 

hn/2{zo, • • • ; Zn-l) = an/2 

= -^0^71/2 + ^l^n/2+1 + • • • + Z„/2-lZn-l + 20^n/2 + 2:iZ„/2+l + ' ' ' + Z„/2-l2„-l 

= 0. 
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Thus a necessary condition for h(z) = g{z)g*{z) is at = an-t for all 1 < i < n/2 — 1, and 
— 0- Thus (jl7|) is equivalent to 



ho{zo, • • • , Zn~l) 
hl{zo, ■ • ■ , Zn-l) 



Zo H h Zn-i = 1, 

zqzi + ziZ2 + Z2Z3 H h z„_izo = ai, 



(18) 



, hn/2-l{zn, • • • , ^n/2-l) — ZoZn/2-1 + ZlZn/2 + ' " ' + 2„_iZ„/2-2 — an/2-1- 



(Necessity) It is left to prove the necessary condition that ^ ai — 0. 

0<i<n/2-l,(i,2) = l 

If h{z) = g{z)g*{z) for some g{z) = ^i-^* £ F2[2:]/(z" - 1), then (60,61, • • • ,6«-i) £ 

0<i<n-l 

is a solution of the equation system ([T8|) . 

Since /io(6o, 6„_i) = 60 H l-6„-i= ^1+ 6^ = 1 and 412"* = n, 

(i,2)>l (i,2) = l 

( E • ( E = 0- 

(i,2)>l (i,2) = l 



So we have 



(i,2)>l (i,2) = l 

= E E 

(i,2) = l,l<j<n/2-l 0<j<n-l 

= 6061 + 6162 + 6263 H 1- 6„_i6o 

+6063 + 6164 + 6265 H + 6„_i62 



+6o6„/2-i + 6i6„/2 + 6264 H h 6«-i6„/2-2 

= /ii(6o, • • • , 6„-i) + /i3(6o, • • • , 6„-i) H h /i„/2-i(6o, • • • , 6n-i) 

= ai + 03 + 05 H h a„/2-i 

E = 0. 

0<i<n/2-l,(i,2) = l 

(Sufficiency) It is easy to verify the sufficiency for two cases s = 2,3, i.e. n = 4, 8. So we 
assume s > 4 in the following. It is obvious that the sets H and G all have 2"/^"^ elements. 
Thus it is sufficient to prove the following map 

P: P{g{z))^g{z)-g(zr for g{z)€G 

is an injective map from G to H . 

By (|17p . g ■ g* is equivalent to a boolean equation system. So we should prove the map 
P' : P'{zo, zi, • • ■ , Zn-i) = {hoizo, • • ■ , z„_i), • • • , /i„_i(zo, • • • , 2;„_i)) is an injective map from 
G' to i/', where 

hj{zo,- ■ ■ ,Zn-i) ^ ^ z^z^+j, < j < rt - 1. 

0<j<Ji-l 

And 



G'=l (zo,-- - ,z„_i) gF^ 



and 



(yo,-- - ,yn-i) e F^' 



ZO = 1, Zn-l = 0, 
Z2 = Zn-3 = 0, 

Zi = Zn-i-i for all I < i =/= 2 < n/2 — 1. 



E = 0, 

0<'i<ri/2-l,(i,2) = l 

yo = i,yn/2 = 0, 

J/i = /or 1 < i < n/2 - 1. 



8 



Now we will prove the quadratic boolean system (jl7p is in fact linear for (zq, ■ • • , Zn-i) G G' . 
Firstly we discuss j e [1, n/2 — 1] in two cases. 

1) For every 1 < j < n/2 — 1 and (j, 2) > 1, the n items ztZi+j^Q < i < n — 1 in 
hj{zQ, • • • , Zn-i) — ZiZi+j can be separated into n/2 pairs. Every pairs are 

0<i<n-l 

ZiZi+j, and z„_i_i_jZ„_i_i, < i < (n - j - l)/2, or i > n - (j + l)/2. 

Since (j, 2) > 1, the two items ZiZi+j and z„_i_i_jZ„_i_i are different for all < * < 
{n — j ~ l)/2, and i > n — (j + l)/2. Otherwise i = n — i — \ — j (mod n). So the congruence 
equation 2i = n — 1 — j (mod n) has solutions, which is impossible for (j, 2) > 1. 

Because (zq,--- G G", we have Zi = Zn-i-i and Zi^j — Zn-i-i-j for i 7^ 0. When 

i = 0,zq — 1 ^ Zn-i — 0, the item pairs zqZj = Zj and z„_i_j2;„-i — 0. When i = n — j, the 
item pairs z^Zi-i-j = z„_jZo = -Zn-j = ^j-i E^nd Zj_iz„_i = 0. So in the even j case, 

hj{zQ, ■ ■ ■ , Zn~l) = ZiZi+j 
0<i<n-l 

0<i<(n-j-l)/2,i>n-(j + l)/2,i#0,n-j 
+ {zoZj + Z„_i_jZ„_i) + (z„_jZo + 2„_]^_(„_j)Z„_i) 
= (zqZj + Z„_l_jZ„_l) + (z„_jZo + Zj^lZn-l) 

2) For every 1 < j < n/2 — 1 and (j, 2) = 1, there are two solutions i = (n — 1 — j) /2, n — 
(j + l)/2 for the congruence equation i = n — i — 1— j (mod n). Thus the item z^Zi+j is equal 
to z„_i_i_jZ„_i_i for i = (n — 1 — j)/2, n — {j + l)/2. In these two cases, ZiZi^j = 2(n-i-j)/2 
when i = (n - 1 -j)/2, and z^Zi+j z„_(i+j)/2 2;(i+j)/2-i = ^(j-i)/2 when i = n-{l+j)/2. 

And for < i < (n — j — l)/2,i > n — (j + l)/2,i ^ 0, n — j, the item pair ZiZi^j and 
^^n-i-i-j-Zn-i-i a^c different. In these cases z^Zi+j + z„_i_i_jZ„_i_i = 0. 

Similarly, when i = 0, the item pairs ZQZj — Zj and z„_i_jZ„_i = 0. When i = n — j , the 
item pairs ZiZi-^-j = Zn-jZQ ~ Zn-j — -^j-i and Zj_iz„_i = 0. 

So the n items z^Zi+j, 0<i<n — lin hj{zo, • • • , z„_i) = ^ Zi j^j C 0j11 be separated 

0<i<Tl-l 

into (n — 2)/2 + 1 pairs. Therefore for odd j, 



hj{zo, • • • , z„_i) 



- 'Y Zi Zi^j 
0<i<n-l 

" {ZiZi^j Zji — i—l—jZ^ — i—l^ 

0<i<(n-j-l)/2A>n-{j + l)/2,i^0,n-j 

+ Z(n-l-j)/2Z{„+j-l)/2 + Zn-(l+j)/2Z(j-l)/2 

+ (zoZj + Z„_i_jZ„_i) + (z„_jZo + Z„_x-(n-j)^ 

f ^(n-l-i)/2Z(n-l-j)/2 + Z0-l)/2^(i-l)/2 J 7^ 1 

^ I +(zoZj + Z„_i_jZ„_i) + (z„_jZo + Zj_iZ„_i) 

Z(n-l-j}/2Z(n-l-3)/2 + ^n-l^O J = 1 

+ (zoZj + Z„_l_jZ„_l) + (z„„lZo + Zj_lZ„_l) 

^{n-l-j)/2 + Z{j-l)/2 + Zj + Zj_i i 7^ 1 

Z(n-l-j)/2+ Zj j = 1- 



3) For J = 0, we know that if (zo, • ■ • , z„_i) G G", z^ + z„_i_i = for 1 < i < n/2 — 1 and 
zo + z„_i = 1, so /io(^:o, • • • ,z„-i) = zoH l-z„_i = (zo + z„_i)+ X) (2i + z„_i_i) = 1. 

l<i<n/2-l 

4) For n/2 < J < n — 1, it is easy to see that hn/2{zo, • ■ • , Zn-i) — and hj{zo, • • • , z„_i) = 



hn-j{zo, ■ • ■ , z„_i). 
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To sum up, for (zq, • 



yo 
yi 
y2 
ys 
yi 
y5 
ye 
yr 

yj 

y'. 

yn/2-l 

yn/2 

yn/2+1 



hi{zo, 
^12(20, 

hrizo, 



, Zn-i) G G' we have 



,Zn^l) 
,Zn^l) 
,Zn-l) 
,Zn-l) 
, Zn-l) 
, Zn-l) 
, Zn-l) 
, Zn-l) 



= 1, 



Z{n-2)/2 + Zl, 
Z2+ Zi = Zl, 

Z3 + Z2+ Z(„-4)/2 + Zl = Zl + Z3 + Z(„_4)/2, 
Z4 + Z3, 

Z5 + Z4 + Z(„_6)/2 + Z2 = Z5 + Z4 + Z(„_6)/2, 
Zq + Z5, 

Z7 + Ze + Z(„_8)/2 + Z3, 



hj{zo, • • • , Zn-l) = Zj + Zj^iJ > 2 even, 

h'j{zo, ■■■ , Zn-l) = Zj' + Zj/_i + Z(„_i_j/)/2 + Z(j/_i)/2, j' > 5 odd, 

hn/2-l{zo, ■ ■ ■ , Zn-l) = Z„/4 + Z„/4_i + Z„/2-l + ^n/2-2; 
hn/2-lizo, ■■ ■ 1 Zn-l) = 0, 
hn/2+l{z0i ■ ■ • 1 Zn-l) — Z/n/2-li 



(19) 



yn/2+j — hn/2+j{zo, ' ' ' 7 Zn-l) — yn/2-j, 
K. y-n-l = hn-l{zo,- ■ ■ ,Zn-l) = yi- 

By IHl), we get 



E yj 

l<j<n/2-l,{j,2) = l 

= hi+h3-\ h hn/2-1 

E z,+ J2 z, 

l<i<n/2-l,i#2 l<i<n/2-l,i^2 

= 0. 



(20) 



So we have proved that for all (zq, • • • , z„_i) G G' : P'(zo, • • • , z„_i) G H' , this means that 
for all g{z) G G : P(g(z)) G H. 

On the other hand, by (fT51) . (I^Dl) . and Lemma 3.1, P{g{z))s are different for different 
g(z)s G G. 

So we have proved that P{G) — H , and every h have a unique factorization h = g ■ g* for 
some g £ G. m 

Remark 3.3 It should be noted that the factorization is not unique if g{z) ^ G. Also if n ^ 2'^ , 
then there is possible no factorization for h{z) G H . 

Lemma 3.4 Let n be even, fa{x) — E '^i^^ ^ F2[a;]/(a;" — 1) and fb{x) — ^i^^ ^ 

0<i<n-l 0<i<n-l 

F2[a;]/(a;" — 1) are symmetric polynomials with oq = bo = 1, an/2 — — 0- Suppose 

fc{x) = fa{x)fb(x) = J2 c,;a;* G ¥2[x]/{x" - 1). Then cq = 1, c„/2 = 0, and 

0<i<n-l 

Ci = ^ (ai + 6i). 

l<i<ri/2-l,(i,2) = l l<i<n/2-l,(i,2) = l 

Proof. Since fa{x) and /&(a;) are symmetric, /c(a;) is symmetric by Lemma 12.41 Also 

l<i<ri/2-l,(i,2) = l ■n/2+l<i<?i-l,(i,2) = l l<i<Ti/2-l,(i,2)=2 ri/2+l<i<»i-l,(i,2)=2 

^ = ^ ^ = ^ 6,. 

l<i<n/2-l,(i,2) = l n/2+l<i<n-l,(i,2) = l l<i<n/2-l,(i,2)=2 n/2+l<i<n-l,(i,2)=2 
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Note that when n is even, the odd exponent term Cix"^ in fc{x) can only be obtained by 
multiplying ajx^ in fa{x) and bkx'' in fb{x) under the condition that j ^ fc(mod 2). Hence 

c, ^ 2- "j- ^» 

l<i<n/2-l,(i,2) = l l<j<n/2-l,0\2) = l l<fe<n/2-l,(fc,2)=2 

+2- H 

l<fe<n/2-l,(fc,2) = l l<j<n/2-l,(i,2)=2 

+ ^ Oi + ^ hi 

l<i<n/2-l,(i,2) = l l<i<n/2-l,(i,2) = l 

l<i<n/2-l,(i,2) = l 

Similarly, co = 1 and c„/2 = can be easily verified. ■ 

Theorem 3.5 For n ~ 2^ > 4, there exists a normal element 0/F2" over ¥2 corresponding to 
vector (ao, ai, • • • , a„_i) £ F2 , if and only if 

1) ao = 1, a„/2 = 0, 

Oi = On-i for all 1 < i < n/2 — I, 

3) E a. = 1- 

l<'i<n/2-l,(i,2) = l 

Proof. (Necessity) Let a be a normal element of F2" over F2, and its corresponding vector 
is (ao,ai,-- - ,a„_i) e Fj. Then obviously ao = Tr2..|2(a • ) = Tr2..|2(a) = 1, a„/2 = 
Tr2n|2(a • a^"'^) = Tr2„/2|2(Tr2„|2>^/2(Q^ • a^"^')) = Tr2„/2|2(0) = 0, and a, = Tr2-x|2(a • a^') = 
Tr2"|2(a • <^^" ') = o-n-i for all 1 < i < n/2 — 1. 

Let u = E ■ Then = E o;^^ j ^nd Tr2n|2(a) = u + u'^. Because 

0<j<)i-l,(i,2) = l 0<j<n-l,(j,2)=2 

Tr2ii|2(a) = ao = 1, u + = 1 = + 1), and = m + 1. Hence 

E «^ - E E ("^"")" 

l<i<n/2-l,(j,2) = l l<j<n/2-l,(i,2) = l 0<j<n-l 

= ( E E "'^■) 

0<j<n-l,('i,2) = l 0<j<n-l,(j",2)=2 
= 1. 

(Sufhciency) Suppose (ao,ai,-- - ,a„_i) G satisfies conditions l)-3), we find a normal 
element a of F2" over F2 such that Tr2n|2(a^^^ ) = for all < i < n — 1. Let fa{x) = 
E aix\ 

0<i<n-l 

The well-known normal basis theorem Theorem 11.11 tells us that there exists a normal 
element (3 of F2" over F2. Let its corresponding polynomial be fb{x) = E ^i^^ with 

0<i<n-l 

bi = Tr2n |2(/3^'*'^ ). From the above necessity part proof, we see that fb{x) is symmetric with 
60 = 1, and E = 1- 

l<i<n/2-l,(i,2) = l 

Obviously {fb{x),x'^ - 1) = 1 when n = 2". Let /^"^(j;)(mod a;" - 1) = E By 

0<i<n-l 

Lemma 12.31 60 = 1, fj^^{x) is symmetric and relatively prime to — 1, which also implies that 

K/2 = 0. 

Since fb{x) ■ fb^i^) = 1 in the polynomial ring F2[a;]/(a:" — 1), by Lemma [3.41 we have 
{bi + b',) = 0. Therefore 

l<j<n/2-l,(i,2) = l 

E b'^= E b. = i. 

l<i<n/2--l,(i,2) = l l<!<n/2-l,(i,2) = l 
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Let h{x) = fa{x) ■ f^^{x) ^ h^x' e F2[a;]/(a;" - 1). Again by Lemma[3H h{x) is 

0<i<n-l 

symmetric, /iq = 1, = 0, and 

l<i<n/2-l,(i,2) = l l<i<n/2-l,(i,2) = l 

So is in the set H defined by Theorem 13.21 Thus we can find a unique solution 

di^) — Cia;* in the set G defined in Theorem 13.21 such that h{x) = g{x)g*{x). It can be 

0<i<n-l 

easily verified that {g{x),x" — 1) = 1. 

Now let a = ^ . Theorem 12.21 shows that a is a normal element of F2" over F2. 

0<i<n-l 

Furthermore h{x) = g{x)g*{x) means that fa{x) — fb{x)g{x)g* (x). By Lemma 12. 5[ we know 
that the corresponding vector of the normal element a is the given vector (ao, oi, • • • , a„_i). ■ 



4 The Case odd n 

Theorem 4.1 Let h(z) = J2 o.,zJ e F2[z]/(z" - 1) for odd n. Then h{z) = g{z)g*{z) for 

0<j<n-l 

some g{z) = ^ fe^z* G F2[2:]/(z" — 1) if and only if h{z) is symmetric. 

0<i<n-l 

Furthermore, every symmetric polynomial h{z) — ^ aiZ* G F2[2;]/(2;" — 1) has a fac- 

0<i<n-l 

torization h{z) = g{z)g{z)* such that 



-'2i(mod n)^ ■ 

0<i<n-l 

Proof. (Necessity) It is easy to deduce that the condition that h{z) = g{z)g{z)* for some 
g{z) G F2[z]/(2;" — 1) is equivalent to the following equation system having a solution: 

ho{zo, • • • , Zn~l) ~ Zq + ■ ■ ■ + Zn-1 — Oq, 

hi{zo, ■ ■ ■ ,z„-i) = zqZi + Z1Z2 + 222:3 H 1- 2n-iZo = a„_i, 

. (21) 

/i„_i(zo, • • • ,z„_i) = zoz„_i + zizo + Z2Z1 H h z„-iz„_2 = oi- 

In the above equation system, it is obvious that for 1 < j < {n — l)/2, 

hj{zQ, • • • , Zn-l) = On-j 

= ZQZj + zizi+j + Z2Z2+J H h z„„izt_i 

= Oj — hn^j{zQ, ■ ■ ■ ,Z„_i). 

(Sufficiency) Suppose that h{z) — J2 0,%^^ ^ F2[z]/(z" — 1) is symmetric. Let g{z) = 

0<i<n-l 

T, hz' where b, = a2.(mod«)- 

0<j<n-l 

It is easy to see that the set {oq, • • • ,a„-i} is a reassignment of {feo, ■ ■ • ,^n-i} because 
(71, 2) = 1. Since Oi ~ On-i for I < i < {n — l)/2, we have bi = bn-i for 1 < i < {n — l)/2. 
Thus g[z) = g*{z). So 

g{z)-g*iz) = ig{z)r = hiz). 



Theorem 4.2 For oddn, there exists a normal element o/F2n over F2 corresponding to a vector 
{ao,ai,- ■ ■ ,an-i) ^^2, if and only if fa{x) = ^ Oix'' is symmetric and {fa{x), .t" — 1) = 

0<'i<n-l 

1. 
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Proof. (Necessity) Since = Tr2n|2(a^'''^') = Tr2r^\2{a^^'^'^ ') for all i e — 1], (ao,ai, 
• ■ • ,a„_i) is symmetric. By Theorem 12. 1[ we have {fa{x), — 1) = 1. 

(Sufhciency) Suppose that (ao,ai, • • • ,a„_i) e F2 satisfies {fa{x), a;" — 1) = 1, we find a 
normal element a of Fon over F2 such that Tr2>.|2(a^+^') = a, for all < i < n - 1. 

By the well-known normal basis theorem Theorem II. 1[ there exists a normal element (3 of 
F2" over F2. Let its corresponding polynomial be fb{x) = J2 ^i^^ with bi = Tr2n|2(/3^^^ )• 

0<j<Ji-l 

From the above necessity part proof, we see that fb{x) is symmetric and {fb{x), — 1) = 1. 
Let ff^^{x){mod — 1) = ^ K^^- By Lemma [2?3l fb^i^) is symmetric and relatively 

0<i<n-l 

prime to — 1. 

So h{x) — fa{x)ff^^{x) is symmetric and relatively prime to a;" — 1 by Lemma 12.41 From 
Theorem 14. 1[ there is a solution g{x) — ^ Cix'' such that h{x) = g(x)g*{x). It can be 

0<i<ri-l 

easily verified that {g{x),x'^ — 1) 1. 

Now let a = ^ Ci0^ . Theorem 12.21 shows that a is a normal element of F2" over F2. 

0<j<n-l 

Furthermore h{x) = g{x)g^^{x) means that fa{x) = fb{x)g{x)g* {x). By Lemma [2.51 we know 
that the corresponding vector of the normal element a is the given vector (ag, ai, ■ • • , a„_i). ■ 
Finally for n = 2* > 4 and odd n, we give the following algorithm to find a normal element 
of F21 over F2 corresponding to a given vector (ao, ai, ■ • • , On-i) G 1^2 ■ 

Algorithm 4.3 

Input: (ao, ai, • • • , a,i_i) S Fj , where n = 2^ > A or n is odd. 

Output: A normal element o/F2n over F2 such that Tr2n|2(a^^^ ) = a,i for allO <i < n—1. 

Step la: For n = 2* > 4, check whether (aq, ai, • ■ • , a„_i) G Fj satisfies oq — 1, a„/2 — 0; 
0"i = o-n-i for 1 < i < n/2 — 1, and ^ Oi = 1. If not, then output "There isn't 

l<j<n/2-l,(i:2) = l 

such a normal element". Let fa{x) — ^ OiX^ . 

0<i<n-l 

Step lb: For odd n, check whether (ao,ai, • • • ,a„_i) S Fj is symmetric and [fa{x), x" — 
1) — 1, where fa{x) ~ ^ OiX^ . If not, then output "There isn't such a normal element". 

0<'i<n-l 

Step 2: Find a normal element (3 of ¥2" over ¥2 (for example using the method in fU}/)- 
Step 3: Compute {bo,bi, • ■ • ,6„_i), where bi — Tr2ii|2(/3"'^^^ )• 

Step 4: Use the standard extended CCD algorithm to compute /j|~^(a;)(mod — 1), where 
fb{x) = E bix\ 

a<i<n~l 

Step 5a: For n = 2" > 4, solve the linear system I119\} to find the unique solution g(x) = 
E c,x- of h{x) = fa{x)f^\x) = g{x)g*{x). 

0<i<n-l 

Step 5b: For odd n, compute h{x) ~ fa{x)f^^{x) = ^ hix"^ G F2[a;]/(a;" — 1). Let 

0<i<n-l 

gi^) = E c^x' e F2[a;]/(a;" - 1), where q = /i2jfmod n)- 

0<i<n-l ^ ' 

Step 6: Output a = ^ q/?^ . 

0<i<n-l 

Remark 4.4 The correctness of the above algorithm can be showed by Theorem \3. 5\ and Theo- 
rem \4.S\ The running time of solving linear equation system in Step 5a is 0{n^) ¥2 — operations. 
Thus the expected computation complexity of the above algorithm can be bounded by 0{n^). 

Example 4.5 Let n = 16 and the irreducible polynomial of order 16 be f{x) — x^^ + x^ + x^ + 
a;^ + 1 G F2[a;]. Define the finite field F216 to be ¥2[x\l{f{x)). Suppose 7 G F216 is a root of 
f{x). We want to find a normal element a with corresponding vector 

a = (1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1) G F^^ 

by the above algorithm. 
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Step la: Check whether the vector a satisfies oq — 1, ag, — 0, — aig-i for 1 < i < 7, and 

Oi = 1. Let fa{x) = J2 ttiX' = I + X + x'^^ . 
l<i<7,(i,2) = l 0<i<15 

Step 2: Choose the normal element j3 — 'y + 'y^'^^ 0/F216 over ¥2- 

Step 3: Compute b = (5o,6i,-- - ,615) = (1,0,1,1,1,0,0,0,0,0,0,0,1,1,1,0), where h = 
Tr2i6|2(/3^+2') forQ<i< 15. 

Step 4-' Let fb{x) = J2 ^i^^ — ^ + x^ + x"^ + x'^ + x^^ + x^"^ + x^^ . Use the standard 

0<i<15 

extended CCD algorithm to compute ff^^{x){mod x^^ — 1) = 1 + x + x^ + x^ + x^ + x^ + x^*^ + 
2.11 _|_ 3,13 _,_ ^14 ^ ^15^ 

Step 5a: Compute h{x) = fa{x)f^^{x) (mod x^^ - I) = I + x + x"^ + x"^ + x^ + a;" + x^^ . 
By U9\} solve the linear equation system 



Vo 


= hoizo: ■ ■ 


■ , Z15) 


= 1, 








yi 


= hi{zo, ■ ■ 


■ ,Zl5) 


= Z7 


+ Zl 


= 1, 




y2 


= ^12(20, • • 


■ ,Zi5) 


= Zl 


= 1, 






ys 


= hsizQ, ■ ■ 


■ ,Zl5) 


= Zl 


+ Z3 


+ Ze 


= 0, 


y4 


= /i4(zo, • • 


■ ,Zl5) 


= Z4 


+ Z3 


= 0, 




y5 


= hbizo, ■ ■ 


■ ,Zl5) 


= Z5 


+ Z4 


+ Z5 


= 0, 


ye 


= heizQ, ■ ■ 


■ ,Zl5) 


= ze 


+ Z5 


-0, 




yr 


= hrizQ, ■ ■ 


■ ,Zl5) 


= Z7 


+ Ze 


+ Z4 


+ Z3 = 1, 



we obtain g{x) — ^ CiX^ G G = 1 + .t + a;"'^ + + + x^" + x^"^ , the unique solution of 

0<i<15 

h{x)^ fa{x)f^\x)^g{x)g*{x). 

Step 6: Output the normal element a— ^ Ci0^ = ^ c.i(7 + 7""^^^)^ , where 

0<i<15 0<!<15 



(co,--- ,ci5) = (1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,0). 



5 The General Case 

In this section, we will give some necessary conditions for a vector to be a corresponding 
vector of a normal element of over F2 for general n with A\n. Firstly recall a result about 
constructing a normal element over sub-field from a normal element over a larger field. 

Theorem 5.1 \18^ Let t and v be any positive integers. If a is a normal element ofFqvt over 
¥q, then 7 = 7V^i.t|^t(a) is a normal element of¥qt over ¥q. 

Proposition 5.2 Let n = 2^m, 2" > 4, m be odd. If symmetric vector (ao,ai, • ■ • ,a„_i) £ F2 
corresponds to a normal element 0/F2" over ¥2, then 

m — 1 m — 1 

1) J2 ai2- = 1, L ai2=+2=-i = 0, 

1=0 i=0 

m— 1 

E E ^^2^+k = 1, 

l<fc<2 = -i-l,(fc,2) = l i=0 

3){ E iE^a,m+k)x\x'^ -1)^1. 

0<fc<m-l i=0 

Proof. Let a be the normal element of F2" over F2 with corresponding vector (ao, ai, • • • , On-i)- 
By Theorem 15. 1[ 7 = Tr2ii|22= (a) is a normal element of F22S over F2. Now we consider the 
corresponding vector (ro, ri, • • • , r2=-i) of 7. 
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For every < fc < 2* - 1, 

m — 1 m — 1 m — 1 

r, = Tr,.= |,(7i+^^) = Tr,.= |,((^a^-")i+2^) = Tr,.|,(^ ^(aa^'^^^f") 

m — 1 m — 1 v—71—1 

= E (EE E ( E (-^"'"D 

0</<2=-l 2=0 j=0 0<j<m-l v:=i2^+l,v=0 

E Tr2n|2(aQ;2'' ^ aj2.+fe. 

0<j<m-l 0<j<m-l 

It can be proved that (tq, ri, • • • , r2s-i) is symmetric since (ao, oi, ■ • • , 02= -i) is symmetric. 
Hence by Theorem 13.51 the necessary conditions for (ro,ri,--- ,r2=-i) to be a vector corre- 
sponding to a normal element of ¥22= over F2 are: 

m — 1 m—1 m — 1 

ai2- = E '^»2»+2»-i = 0, and ^ ^ ai2=+fe = 1- 

i=a i=0 l<fc<2=-i-l,(fc,2) = l i=0 

Similarly, by Theorem 15. II (to, ti, ■ ■ ■ , im-i) where ife = ^ aj2'+k for < fc < m — 1 

0<j<m-l 

can be showed to be the corresponding vector of the normal element /3 — Tr2ii|2'"(a) of F2m 

2=-l 

over F2. So from Theorem 14.21 we have ( ^ ( ^ ai,„_(-fc)a;'', — 1) = 1. ■ 

0</£<m-l i=0 

Theorem 5.3 IWI Let n — tv with t and v relatively prime. Then for a G F^i' and j3 G F^t, 
the element 7 = afi is a normal element ofF^vt over ¥q, if and only if a is a normal element 
of¥qv overWq and j3 is a normal element ofWqt overFq. 

By the above theorem, we have 

Proposition 5.4 Suppose symmetric vector (oq, ai, ■ ■ ■ , 023-1) G Fj satisfies ao = 1, an/2 = 
and ^ ai = 1, symmetric vector (60, &i, • • • , &m-i) £ IF™ satisfies ( ^ &ia;*, a;" 

0<i<2s-i-l,(i,2) = l 0<j<m-l 

1) = 1, where m is odd and 2** > 4. T/ien i/iere exists a normal element of F22s,ti over ¥2 
with corresponding vector (co,Ci, • • • ,C2sm-i) G Fj ™ such that Ck = '^kivaoA 23)^A:(mod m) 
< fc < 2^TO - 1. 

Proof. By the above assumptions and Algorithm 14.31 we can construct a normal element a of 
F22S over F2 with corresponding vector (ag, • • • , a2s-i) and a normal element /? of F2m over F2 
with corresponding vector (60, • ■ ■ 7 &m-i)- From Theorem 15. 3[ 7 ~ a/3 is a normal element of 
F22«Tn over F2. 

For < < 2^m - 1, a'" = a^-^'^^^ and /S^^ = /^^''''^^^ thus 
TV22»™|2(7'+'') = Tr223™|2(a/3a2'/?2'=) 



Tfecmod 2=) ofe(modm), 
= Tr223™|2(a/3a2 ) 

„fc(mod 2=), , „fc(mod m), 

= Tr223|2(aa' ')Tr2™|2(/3/3' : 

~ "fe(mod 2=)^fe(mod m) 

= Cfe. 

So the corresponding vector of normal element 7 is (cq, ci, • • • , C2sm-i)- ■ 
Let n — 2*771 with 2^* > 4 and m odd, (ao, ai, • • • , a2s-i) G Fj' be 



ai = 



1, ? = 0,io,2* - io, 
0, Otherwise, 
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where 2 \ io,io G [1,2" - 1], and {bo,bi,--- ,bm-i) = (1,0,- •• ,0) G F'2". Then the vector 
(co,ci, ■ • • ,C2=m-i) G ™ defined by Ck = ^^(niod 2-)^A;(niod m) ^ < fc < 2''m - 1 is 

^ f 1, k^O,jom,n- jom, 
\ 0, Otherwise, 

where jo is the unique solution of the congruence equation mx = io(mod 2"). By Corollary 15 ■4[ 
there exists a normal element of F2" over F2 with its corresponding vector (cq, ■ ■ • , Cn~i), the 
Hamming weight of which is 3. 

Corollary 5.5 For every n with 4 dividing n, there is a normal element a of ¥21 over ¥2 such 
that the Hamming weight of its corresponding vector 

(Tr2.|2(«), Tr2.|2(ai+2), Tr2.|2(«i+^), ■ • • , Tr2„|2(«i+2"" )) 

is 3. 
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